Syntax for Kerberos auth
7MinSec opened this issue
Hi,
I'm sure I'm missing something obvious but can't get a session going with Kerberos auth. I stole a TGT on a pentest, converted it to a .ccache. I can use the TGT properly with netexec.
In smbclientng I'm not sure about the syntax - is this right?
```
smbclientng --host somedesktop.domain.com -k --kdcHost dc.domain.com -d domain.com
```
I get a big barf error:
```
Traceback (most recent call last):
  File "/home/kali/.local/bin/smbclientng", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/home/kali/.local/lib/python3.11/site-packages/smbclientng/__main__.py", line 124, in main
    sessionsManager.create_new_session(
  File "/home/kali/.local/lib/python3.11/site-packages/smbclientng/core/SessionsManager.py", line 59, in create_new_session
    smbSession.init_smb_session()
  File "/home/kali/.local/lib/python3.11/site-packages/smbclientng/core/SMBSession.py", line 140, in init_smb_session
    self.connected = self.smbClient.kerberosLogin(
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/.local/lib/python3.11/site-packages/impacket/smbconnection.py", line 319, in kerberosLogin
    return self._SMBConnection.kerberosLogin(user, password, domain, lmhash, nthash, aesKey, kdcHost, TGT,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/.local/lib/python3.11/site-packages/impacket/smb3.py", line 718, in kerberosLogin
    seq_set(authenticator, 'cname', userName.components_to_asn1)
  File "/home/kali/.local/lib/python3.11/site-packages/impacket/krb5/asn1.py", line 81, in seq_set
    seq.setComponentByName(name, builder(component, *args, **kwargs))
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/.local/lib/python3.11/site-packages/impacket/krb5/types.py", line 150, in components_to_asn1
    name.setComponentByName('name-type', int(self.type))
                                         ^^^^^^^^^^^^^^
TypeError: int() argument must be a string, a bytes-like object or a real number, not 'PrincipalNameType'
```
Oh I think I'm good to go now - this appears to work:
```
smbclientng --host somehost.domain.com --kdcHost dc01.domain.com -d domain.com -k -u "user-I-have-TGT-for" --no-pass
```
Maybe give an example in your documentation for future folks who run into this?